<?php
/*
 * IP access restriction (disabled; kept for reference only).
 * NOTE(review): do not re-enable this as written. strcmp() compares the
 * dotted-quad strings lexically, not numerically, so the check does not bound
 * 192.168.0.0/24 (e.g. "192.168.0.3" sorts after "192.168.0.255" and would be
 * denied); compare ip2long() values instead. REMOTE_ADDR is only meaningful
 * when the app is not behind a reverse proxy, the "Access Denied" branch does
 * not exit(), and the dangling `else` would guard only the first require_once
 * below rather than the login handling.
  $IP = $_SERVER['REMOTE_ADDR'];
$from = strcmp($IP,'192.168.0.0');
$to = strcmp($IP,'192.168.0.255');
if (!($from >= 0 && $to <= 0))
 echo "Access Denied";
else
 */
require_once( '../system/smarty.inc' );
require_once( '../system/Class_DB.php' );
require_once( '../system/Class_ERROR.php' );
require_once( '../system/Class_PWD.php' );
require_once( '../system/loginauth.inc.php' );


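$err     = false;
$err_msg = null;   // only set when there is something to show; login.html tests isset()

/**
 * Build the permission map stored in $_SESSION['ADMIN_LOGIN']['STAFF_AUTH_ARR'].
 *
 * @param mixed $auth      raw `auth` column value of the M_LOGIN row
 * @param array $menuAuth  menu key => list of auth levels allowed to see that menu
 * @param array $fileAuth  script name => ten slots indexed by auth level,
 *                         0 = permitted, 1 = not permitted
 * @return array           every menu key / script name the staff member may use, mapped to 1
 *
 * Fails closed: the tables are only defined for levels 0-9. Any other value
 * (empty string, out-of-range number, non-numeric) yields an empty map. The
 * previous inline loops read `$v[$auth]` without checking the offset exists,
 * and `null == 0` is true in PHP, so a malformed auth value silently granted
 * every file permission.
 */
function aoki_build_auth_map($auth, array $menuAuth, array $fileAuth)
{
	$granted = array();

	if (!preg_match('/^[0-9]$/', (string) $auth)) {
		return $granted;
	}
	$level = (int) $auth;

	foreach ($menuAuth as $key => $levels) {
		if (in_array($level, $levels, true)) {
			$granted[$key] = 1;
		}
	}

	foreach ($fileAuth as $key => $slots) {
		if (isset($slots[$level]) && (int) $slots[$level] === 0) {
			$granted[$key] = 1;
		}
	}

	return $granted;
}

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {

	// NOTE(review): the whole POST body (including login_pass) is handed back to
	// the template as $forms; login.html must escape it and should not refill the
	// password field. There is also no CSRF token and no attempt throttling here —
	// both need to be addressed outside this file (Smarty template / Class_DB).
	$forms = $_POST;

	// Missing or non-string fields become '' so Class_ERROR's EXIST check reports
	// them instead of PHP raising a notice or the escaper choking on an array.
	$id   = (isset($forms['login_id'])   && is_string($forms['login_id']))   ? $forms['login_id']   : '';
	$pass = (isset($forms['login_pass']) && is_string($forms['login_pass'])) ? $forms['login_pass'] : '';
	$oerr = new Class_ERROR('', '');

	$errchk = array('EXIST', 'ALNUM');
	$err_mes['login_id']   = $oerr->check($id, $errchk);
	$err_mes['login_pass'] = $oerr->check($pass, $errchk);

	$msg_bg = '<p class="caution">';
	$msg_ed = '</p>';
	if ($err_mes['login_id']) {
		$err_msg = $msg_bg . "IDは" . $err_mes['login_id'] . $msg_ed;
	}
	if ($err_mes['login_pass']) {
		$passmsg = $msg_bg . "パスワードは" . $err_mes['login_pass'] . $msg_ed;
		$err_msg = $err_msg ? $err_msg . $passmsg : $passmsg;
	}

	if ($oerr->clear) {
		$db = new Class_DB;

		// Both values are escaped, so the statement is not injectable, but this
		// still depends on the legacy mysql_* extension (removed in PHP 7) and on
		// Class_PWD::do_encode, whose strength (salted? slow?) cannot be judged
		// from this file. Migrating to prepared statements + password_verify()
		// requires touching Class_DB / Class_PWD and the stored column format.
		$sql = sprintf(
			"SELECT * FROM M_LOGIN WHERE login_id = '%s' AND login_pwd = '%s' ",
			mysql_real_escape_string($id),
			mysql_real_escape_string(Class_PWD::do_encode($pass))
		);
		$db->query($sql);

		if ($db->num_rows()) {
			$row = $db->fetch();
			$db->close();

			if (isset($row['login_ng']) && (string) $row['login_ng'] === '1') {
				// Account is flagged as locked. Note this message is only reachable
				// with correct credentials, so it confirms them to the caller.
				$err_msg = '<p class="caution">ログインできません。管理者にお問い合わせください。</p>';
			} else {
				session_name('AOKI_ADMIN');
				session_start();
				// Privilege level changes here: issue a fresh session id so an id
				// planted before login (session fixation) is not carried over, and
				// start from a clean ADMIN_LOGIN record rather than layering onto
				// whatever a previous login left behind.
				session_regenerate_id(true);
				$auth = isset($row['auth']) ? $row['auth'] : null;
				$_SESSION['ADMIN_LOGIN'] = array(
					'STAFF_SEQ'       => $row['id'],
					'STAFF_ID'        => $row['login_id'],
					'STAFF_NAME'      => $row['user_name'],
					'STAFF_AUTH'      => 'G-' . $auth,
					'STAFF_INS_CO_CD' => $row['ins_co_cd'],
				);

				// menu key => auth levels that may see the menu
				$aoki_menu_auth = array(
					AOKI_AUTH_USER          => array(0, 1),
					AOKI_AUTH_INS_SHOP      => array(0, 1, 4, 5),
					AOKI_AUTH_SHOP          => array(0, 1),
					AOKI_AUTH_MATRIX        => array(0, 1, 5, 7),
					AOKI_AUTH_AREA_AD       => array(0, 1),
					AOKI_AUTH_AREA          => array(0, 1),
					AOKI_AUTH_DNP_AREA      => array(0, 1, 5),
					AOKI_AUTH_PATTERN       => array(0, 1),
					AOKI_AUTH_MAP_GROUP     => array(0, 1, 5, 7),
					AOKI_AUTH_MAP_SERVICE   => array(0, 1, 5, 7),
					AOKI_AUTH_NEWYEAR       => array(0, 1),
					AOKI_AUTH_INS_SHOP_SHOP => array(0, 1, 5),
					AOKI_AUTH_AJAREKS       => array(0, 1),
					AOKI_AUTH_COST_QR       => array(0, 1, 2, 3),
					AOKI_AUTH_COST_DM       => array(0, 1, 2, 3, 7),
					AOKI_AUTH_COST          => array(0, 1, 2, 3),
					AOKI_AUTH_RHIZOME       => array(0, 1),
					AOKI_AUTH_T_PATTERN     => array(0, 1, 2, 3, 4),
					AOKI_AUTH_MON_CELL      => array(0, 1, 2, 3, 7, 8),
					AOKI_AUTH_AFCS          => array(0, 1, 2, 3, 7, 8),
				);

				// script name => slot per auth level 0..9; 0 = permitted, 1 = not permitted
				$aoki_file_auth = array(
					"user_index"              => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"user_form"               => array( 0, 1, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"user_import"             => array( 0, 1, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"user_importing"          => array( 0, 1, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"minsshop_index"          => array( 0, 0, 1, 1, 0, 0, 1, 1, 1, 1 ),
					"minsshop_form"           => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"minsshop_import"         => array( 0, 0, 1, 1, 0, 0, 1, 1, 1, 1 ),
					"minsshop_importing"      => array( 0, 0, 1, 1, 0, 0, 1, 1, 1, 1 ),
					"mins_delive_index"       => array( 0, 0, 1, 1, 0, 1, 1, 1, 1, 1 ),
					"minsshopshop_index"      => array( 0, 0, 1, 1, 1, 0, 1, 1, 1, 1 ),
					"minsshopshop_form"       => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mshop_index"             => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mshop_form"              => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mshop_import"            => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mshop_importing"         => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mareaad_index"           => array( 0, 0, 1, 1, 1, 0, 1, 1, 1, 1 ),
					"mareaad_form"            => array( 0, 0, 1, 1, 1, 0, 1, 1, 1, 1 ),
					"mareaad_import"          => array( 0, 0, 1, 1, 1, 0, 1, 1, 1, 1 ),
					"mareaad_shop_import"     => array( 0, 0, 1, 1, 1, 0, 1, 1, 1, 1 ),
					"mareaad_importing"       => array( 0, 0, 1, 1, 1, 0, 1, 1, 1, 1 ),
					"marea_index"             => array( 0, 0, 1, 1, 1, 0, 1, 1, 1, 1 ),
					"marea_form"              => array( 0, 0, 1, 1, 1, 0, 1, 1, 1, 1 ),
					"mpattern_index"          => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mpattern_form"           => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mmapg_index"             => array( 0, 0, 1, 1, 1, 0, 1, 0, 1, 1 ),
					"mmapshop_index"          => array( 0, 0, 1, 1, 1, 1, 1, 0, 1, 1 ),
					"mmapshop_import"         => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mmservice_index"         => array( 0, 0, 1, 1, 1, 1, 1, 0, 1, 1 ),
					"mmatrix_index"           => array( 0, 0, 1, 1, 1, 0, 1, 0, 1, 1 ),
					"mmatrix_form"            => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mmatrix_form_ver"        => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mnewyear_index"          => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mnewyear_form"           => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mnewyear_week_form"      => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"majareks_index"          => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"majareks_form"           => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"majareks_import"         => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"majareks_importing"      => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mrhizome_index"          => array( 0, 1, 1, 1, 1, 1, 1, 1, 1, 1 ),

					"mcost_flier_index"       => array( 0, 0, 0, 0, 1, 1, 1, 1, 1, 1 ),
					"mcost_flier_import"      => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"mcost_flier_price"       => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),

					"mcost_dm_index"          => array( 0, 0, 1, 1, 1, 1, 1, 0, 1, 1 ),
					"mcost_dm_d_import"       => array( 0, 0, 1, 1, 1, 1, 1, 0, 1, 1 ),
					"mcost_dm_c_import"       => array( 0, 0, 1, 1, 1, 1, 1, 0, 1, 1 ),
					"mcost_dm_price"          => array( 0, 0, 1, 1, 1, 1, 1, 0, 1, 1 ),
					"mcost_dm_plane_index"    => array( 0, 0, 0, 0, 1, 1, 1, 1, 1, 1 ),
					"mcost_dm_plane_import"   => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),

					//"mcost_tvsp_index"          => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 0 ),
					"mcost_list_index"            => array( 0, 0, 0, 0, 1, 1, 1, 1, 1, 1 ),
					"mcost_list_month_index"      => array( 0, 0, 0, 0, 1, 1, 1, 1, 1, 1 ),
					"mcost_list_sum_index"        => array( 0, 0, 0, 0, 1, 1, 1, 1, 1, 1 ),
					"mcost_list_quantity_index"   => array( 0, 0, 0, 0, 1, 1, 1, 1, 1, 1 ),
					"mcost_list_quantity_import"  => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),

					"mcost_csv_index"         => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"tpattern_index"          => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"tpattern_copy"           => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"tpattern_export"         => array( 0, 0, 0, 0, 0, 1, 1, 1, 1, 1 ),
					"tpattern_shop"           => array( 0, 0, 0, 0, 0, 1, 1, 1, 1, 1 ),
					"tpattern_delive"         => array( 0, 0, 0, 0, 0, 1, 1, 1, 1, 1 ),
					"tmoncell_index"          => array( 0, 0, 0, 0, 1, 1, 1, 0, 0, 1 ),
					"tmoncell_form"           => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"tmoncell_update"         => array( 0, 0, 0, 0, 1, 1, 1, 1, 1, 1 ),
					"tmoncellprn_index"       => array( 0, 0, 1, 1, 1, 1, 1, 0, 1, 1 ),
					"tmoncellshop_index"      => array( 0, 0, 0, 0, 1, 1, 1, 0, 1, 1 ),
					"afcs_index"              => array( 0, 0, 0, 0, 1, 1, 1, 0, 0, 1 ),
					"ddnpwarea_index"         => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"ddnpwarea_update"        => array( 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 ),
					"ddnparea_index"          => array( 0, 0, 1, 1, 1, 0, 1, 1, 1, 1 ),
				);

				$_SESSION['ADMIN_LOGIN']['STAFF_AUTH_ARR'] =
					aoki_build_auth_map($auth, $aoki_menu_auth, $aoki_file_auth);
				header("Location: ./index.php");
				exit;
			}
		} else {
			// Deliberately the same message for unknown ID and wrong password.
			$err_msg = '<p class="caution">IDまたはパスワードが間違っています</p>';
			$db->close();
		}
	}

	// A successful login redirected above, so every POST that gets here failed.
	$err = true;
}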

// Render the login form. This is reached for a plain GET and for any failed
// POST; a successful login has already redirected to index.php.
// NOTE(review): $forms is the raw POST body — login.html must HTML-escape it.
if (isset($forms)) {
	$smarty->assign('forms', $forms);
}
$smarty->assign('err', $err);
if (isset($err_msg)) {
	$smarty->assign('err_msg', $err_msg);
}
$footerHtml = $smarty->fetch('footer.html');
$smarty->assign('footer', $footerHtml);
$smarty->display('login.html');
?>